To do this, configure the following list of CRLs to be unauthenticated on the proxy server:
http://go.microsoft.com/
https://sls.microsoft.com/
https://sls.microsoft.com:443
http://crl.microsoft.com/pki/crl/products/MicrosoftRootAuthority.crl
http://crl.microsoft.com/pki/crl/products/MicrosoftProductSecureCommunications.crl
http://www.microsoft.com/pki/crl/products/MicrosoftProductSecureCommunications.crl
http://crl.microsoft.com/pki/crl/products/MicrosoftProductSecureServer.crl
http://www.microsoft.com/pki/crl/products/MicrosoftProductSecureServer.crl
https://activation.sls.microsoft.com